From Onboarding to Offboarding: Streamlining Access Lifecycle Management with Automated Identity Governance
Vignesh Ganeshan
Chief Technology Officer
As organizations evolve and adopt digital transformation, the role of effective user identity lifecycle management cannot be overemphasized. User identity lifecycle management covers users’ access at every stage of their employment, from onboarding, user authentication, and role-based access control to prompt offboarding, ensuring only authorized individuals have access to sensitive data and systems. It’s better to be safe than sorry when it comes to access provisioning and, well, de-provisioning too!
A recent industry study revealed that a vast majority (83%) admitted to maintaining access to accounts of their previous employer. Alarmingly, more than half of these employees (56%) confessed to using that digital access with the intent of harming the former employer. What is your guard against threats from such notorious and disgruntled former employees?
Data theft by departing employees may not be as commonplace as the other cyber security threats that organizations encounter. Nevertheless, the dangers of failing to duly de-provision ex-employees after their exit can be brutal for the organization.
Some Staggering Data on the Impact of Delayed De-Provisioning of Former Employees
A study by an industry leader in identity and access management puts forth some key findings about the impact of delayed de-provisioning of former employees:
- 70% of organizations take 1 hour to de-provision employees from all their corporate application accounts.
- 50% of former employees’ accounts remain active for at least a day after their last day at work.
- 32% of organizations admit that it takes seven days to fully de-provision a former employee.
- Of the 500 US-based IT decision makers involved in the survey, at least 100 affirmed that not terminating access for former employees has resulted in data breaches.
An Alarming Case of Data Theft by a Former Employee at NCS
A former NCS employee, Kandula Nagaraju, was sentenced to two years and eight months in jail for unauthorised access to a company’s computer test system. Nagaraju, who was fired in October 2022 due to poor work performance, accessed the company’s computer system multiple times using the administrator login credentials. He later ran a programmed script to delete 180 virtual servers. NCS suffered a loss of S$917,832 because of Nagaraju’s actions.
Need for Terminating Access Privileges of Former Employees Immediately Upon their Exit
The threat posed by a few rogue individuals leads to data loss, data breaches, wasted spend, and breach of confidentiality for the organization.
- Data Loss: Disgruntled employees may delete or tamper with critical files in retaliation, leading to a large-scale impact.
- Data Breaches: A Ponemon Institute study revealed that over 50% of employees have stolen data from former employers, with 40% intending to use the stolen information in their new workplaces.
- Breach of Confidentiality: Today’s data-driven environment spurs companies to poach employees from rival organizations to access confidential information.
The Bottleneck in Immediate De-provisioning of Access
Organizations face practical challenges in ensuring de-provisioning of access of former employees owing to the following reasons:
- Absence of Centralized Control: There is a gap in the flow of information between HR teams and the technical teams entrusted with provisioning access to systems and accounts.
- Manual Effort: Owing to the lack of a centralized hub to manage access controls, authorization teams must invest a lot of manual effort to identify and de-provision all the accounts and systems an employee may be holding access to.
- Tedious Process: De-provisioning involves a slew of process approvals and is dependent on several resources.
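The reconciliation that closes the HR-to-IT gap described above can be sketched as follows. This is an added example, not code from Anugal or from the original article; the data, field names, and the one-hour revocation target are constructed assumptions. It joins HR exit records against an account inventory merged from several systems, reports accounts left enabled past the target, and flags shared accounts with no owner on record, which a per-employee reconciliation cannot cover.

```python
from datetime import datetime, timedelta, timezone

SLA = timedelta(hours=1)  # assumed revocation target after the HR exit time

def ts(day, hour):
    """Constructed timestamps, all in March 2024 UTC."""
    return datetime(2024, 3, day, hour, tzinfo=timezone.utc)

# Constructed HR export: employee id -> recorded exit time.
HR_EXITS = {"e1001": ts(1, 17), "e1002": ts(4, 17)}

# Constructed account inventory merged from several systems.
# Fields: system, account, owner (employee id or None), disabled_at, last_login.
ACCOUNTS = [
    ("email", "a.rao", "e1001", ts(1, 17), ts(1, 9)),   # revoked on time
    ("vpn", "arao", "e1001", ts(8, 10), ts(5, 22)),     # revoked late, used after exit
    ("crm-saas", "b.lee", "e1002", None, ts(3, 12)),    # never revoked
    ("hypervisor", "admin", None, None, ts(6, 2)),      # shared, no owner on record
    ("email", "c.diaz", "e2000", None, ts(9, 8)),       # current employee
]

def find_lingering_access(hr_exits, accounts, now, sla=SLA):
    """Return accounts of departed employees left enabled past the SLA, worst first."""
    findings = []
    for system, account, owner, disabled_at, last_login in accounts:
        if owner is None:
            # Cannot be reconciled against HR at all: report as a coverage gap.
            findings.append(dict(system=system, account=account, status="UNOWNED",
                                 exposure=timedelta(0), used_after_exit=False))
            continue
        exit_at = hr_exits.get(owner)
        if exit_at is None:
            continue  # no exit recorded: current employee
        exposure = (disabled_at or now) - exit_at
        if exposure <= sla:
            continue  # revoked in time, or exit date still in the future
        findings.append(dict(
            system=system, account=account,
            status="LATE_REVOCATION" if disabled_at else "STILL_ENABLED",
            exposure=exposure,
            used_after_exit=last_login is not None and last_login > exit_at))
    # Accounts actually used after the exit come first, then longest exposure.
    findings.sort(key=lambda f: (not f["used_after_exit"], -f["exposure"]))
    return findings

if __name__ == "__main__":
    for f in find_lingering_access(HR_EXITS, ACCOUNTS, now=ts(10, 9)):
        print(f["status"], f["system"], f["account"], f["exposure"], f["used_after_exit"])
```
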
Some Tips to Keep Former Employees from Accessing Organizational Data
Here are a few ways to minimize the data theft risk from former employees:
- Develop an exit protocol for IT privileges, highlighting gradual withdrawal of privileges.
- Conduct an interview before employee exit to discuss possessions, accounts, and apps.
- Deploy a Security Information and Event Management (SIEM) system to monitor network and user activities.
- Block external email forwarding and file-sharing to prevent data exfiltration.
- Reassign former employees’ licenses to those taking over their roles to prevent wasted spending.
Role of Automation in User Identity Lifecycle Management
How can you ensure user identity lifecycle management that is foolproof? This is where a centralized access automation platform can pitch in. Anugal, our home-grown access automation orchestration platform, automates the entire onboarding and offboarding process: the manager of the employee leaving the organization gets access to a centralized, consolidated and comprehensive report of all accounts and privileges held by the employee. The manager can initiate de-provisioning of all the accounts right after the employee’s exit and ensure there is no threat of data loss or breach.
In addition, Anugal offers integration with your HR systems, enabling you to trigger de-provisioning of access rights on the employee’s last day at work as recorded in the system, leaving no room for slippage due to oversight. Anugal’s unified and automated access management system ensures revocation of all access rights, including emails, file systems, and SaaS applications, at once.
About Anugal:
Anugal represents the next generation of Identity Governance and Administration (IGA) platforms, tailored specifically for complex enterprise environments. It is a strategic asset for any organization aiming to secure its digital identity landscape in a comprehensive, efficient, and scalable manner. The platform’s extensive features and integration capabilities make it an indispensable tool for CIOs, CISOs, and IT managers tasked with overseeing complex, distributed IT environments. Anugal not only simplifies and secures identity management but also offers strategic advantages by ensuring operational resilience, regulatory compliance, and superior user experience.